Improved Adversarial Training via Learned Optimizer
Yuanhao Xiong, Cho-Jui Hsieh
;
Abstract
Adversarial attack has recently become a tremendous threat to deep learning models. To improve model robustness, adversarial training, formulated as a minimax optimization problem, has been recognized as one of the most effective defense mechanisms. However, the non-convex and non-concave property poses a great challenge to the minimax training. In this paper, we empirically demonstrate that the commonly used PGD attack may not be optimal for inner maximization, and improved inner optimizer can lead to a more robust model. Then we leverage a learning-to-learn (L2L) framework to train an optimizer with recurrent neural networks (RNN), providing update directions and steps adaptively for the inner problem. By co-training optimizer's parameters and model's weights, the proposed framework consistently improves over PGD-based adversarial training and TRADES. "
Related Material
[pdf]